U.S. patent application number 10/334263 was filed with the patent office on 2004-10-14 for monitoring changeable locations of client devices in wireless networks.
This patent application is currently assigned to International Business Machines Corporation. Invention is credited to Hind, John R. and Stockton, Marcia L.
Application Number: 20040203908 10/334263
Family ID: 32680797
Filed Date: 2004-10-14
United States Patent Application 20040203908
Kind Code: A1
Hind, John R.; et al.
October 14, 2004
Monitoring changeable locations of client devices in wireless networks
Abstract
Security of wireless networks is improved by rejecting traffic
from a wireless device located outside a defined spatial boundary.
The device's spatial position with respect to the boundary is
determined using directional antenna arrays on a plurality of
measurement points, and calculating where the vectors intersect.
Having thus determined a device's location, access to a wireless
network can be denied if the device is outside a predetermined
spatial boundary. Or, the device's location inside or outside of
the spatial boundary can be used for monitoring a changeable
location of one or more client devices in a wireless network, for
example as a theft detection or theft deterrent mechanism.
Inventors: Hind, John R. (Raleigh, NC); Stockton, Marcia L. (Bakersfield, CA)
Correspondence Address: IBM CORPORATION, 3039 CORNWALLIS RD., DEPT. T81 / B503, PO BOX 12195, RESEARCH TRIANGLE PARK, NC 27709, US
Assignee: International Business Machines Corporation, Armonk, NY
Family ID: 32680797
Appl. No.: 10/334263
Filed: December 31, 2002
Current U.S. Class: 455/456.1; 455/411
Current CPC Class: H04W 64/00 20130101
Class at Publication: 455/456.1; 455/411
International Class: H04Q 007/20
Claims
What is claimed is:
1. A method of monitoring a changeable location of one or more
client devices in a wireless local area network ("WLAN"),
comprising steps of: receiving, at a first device on the WLAN,
measurement data from a plurality of measurement points on the
WLAN, wherein the measurement data for each measurement point
comprises a reading for a particular client device, the reading
observed by a plurality of antenna elements of the measurement
point, the antenna elements being capable of determining an angle
to a source of radio transmission; computing, by the first device,
a current location of the particular client device using the
received measurement data; and determining, by the first device,
whether the current location of the particular client device is
within a predetermined spatial boundary.
2. The method according to claim 1, further comprising the step of
allowing the particular client device to access the WLAN only if
its current location is determined to be within the predetermined
spatial boundary.
3. The method according to claim 1, further comprising the step of
deactivating one or more functions of the particular client device
if its current location is determined not to be within the
predetermined spatial boundary.
4. The method according to claim 3, wherein the first device
periodically transmits a cryptographic key from the first device to
the particular client device, the cryptographic key being required
to unlock at least one of the functions of the particular client
device, and wherein the deactivating step further comprises the
step of ceasing the transmission when the current location of the
particular client device is determined not to be within the
predetermined spatial boundary.
5. The method according to claim 1, further comprising the step of
activating an alarm if the current location of the particular
client device is determined not to be within the predetermined
spatial boundary.
6. The method according to claim 1, further comprising the steps
of: maintaining an enumeration of a plurality of client devices
that should be present in the WLAN; performing the receiving,
computing, and determining steps for each of the plurality of
client devices; and if the current location of any of the client
devices is determined not to be within the predetermined spatial
boundary, activating an alarm.
7. The method according to claim 1, further comprising the steps
of: maintaining an enumeration of a plurality of client devices
that should be present in the WLAN; performing the receiving,
computing, and determining steps for each of the plurality of
client devices; and if the current location of any of the client
devices is determined not to be within the predetermined spatial
boundary, deactivating one or more functions of such devices.
8. The method according to claim 1, wherein the first device learns
the predetermined spatial boundary at set-up time, further
comprising steps of: moving a training client device around a
spatial boundary while the training client device communicates with
a set-up application in the first device; recording, by the set-up
application, successive locations of the training client device
from these communications; and using, by the set-up application,
the successive locations to define the predetermined spatial
boundary.
9. A system for monitoring a changeable location of one or more
client devices in a wireless local area network ("WLAN"),
comprising: means for receiving, at a first device on the WLAN,
measurement data from a plurality of measurement points on the
WLAN, wherein the measurement data for each measurement point
comprises a reading for a particular client device, the reading
observed by a plurality of antenna elements of the measurement
point, the antenna elements being capable of determining an angle
to a source of radio transmission; means for computing, by the
first device, a current location of the particular client device
using the received measurement data; and means for determining, by
the first device, whether the current location of the particular
client device is within a predetermined spatial boundary.
10. The system according to claim 9, further comprising means for
allowing the particular client device to access the WLAN only if
its current location is determined to be within the predetermined
spatial boundary.
11. The system according to claim 9, further comprising means for
deactivating one or more functions of the particular client device
if its current location is determined not to be within the
predetermined spatial boundary.
12. The system according to claim 11, wherein the first device
periodically transmits a cryptographic key from the first device to
the particular client device, the cryptographic key being required
to unlock at least one of the functions of the particular client
device, and wherein the means for deactivating further comprises
means for ceasing the transmission when the current location of the
particular client device is determined not to be within the
predetermined spatial boundary.
13. The system according to claim 9, further comprising means for
activating an alarm if the current location of the particular
client device is determined not to be within the predetermined
spatial boundary.
14. The system according to claim 9, further comprising: means for
maintaining an enumeration of a plurality of client devices that
should be present in the WLAN; means for performing the means for
receiving, means for computing, and means for determining for each
of the plurality of client devices; and if the current location of
any of the client devices is determined not to be within the
predetermined spatial boundary, means for activating an alarm.
15. The system according to claim 9, further comprising: means for
maintaining an enumeration of a plurality of client devices that
should be present in the WLAN; means for performing the means for
receiving, means for computing, and means for determining for each
of the plurality of client devices; and if the current location of
any of the client devices is determined not to be within the
predetermined spatial boundary, means for deactivating one or more
functions of such devices.
16. The system according to claim 9, wherein the first device
learns the predetermined spatial boundary at set-up time, further
comprising: means for moving a training client device around a
spatial boundary while the training client device communicates with
a set-up application in the first device; means for recording, by
the set-up application, successive locations of the training client
device from these communications; and means for using, by the
set-up application, the successive locations to define the
predetermined spatial boundary.
17. A computer program product for monitoring a changeable location
of one or more client devices in a wireless local area network
("WLAN"), the computer program product embodied on one or more
computer readable media readable by a computing system in a
computing environment and comprising: computer-readable program
code means for receiving, at a first device on the WLAN,
measurement data from a plurality of measurement points on the
WLAN, wherein the measurement data for each measurement point
comprises a reading for a particular client device, the reading
observed by a plurality of antenna elements of the measurement
point, the antenna elements being capable of determining an angle
to a source of radio transmission; computer-readable program code
means for computing, by the first device, a current location of the
particular client device using the received measurement data; and
computer-readable program code means for determining, by the first
device, whether the current location of the particular client
device is within a predetermined spatial boundary.
18. The computer program product according to claim 17, further
comprising computer-readable program code means for allowing the
particular client device to access the WLAN only if its current
location is determined to be within the predetermined spatial
boundary.
19. The computer program product according to claim 17, further
comprising computer-readable program code means for deactivating
one or more functions of the particular client device if its
current location is determined not to be within the predetermined
spatial boundary.
20. The computer program product according to claim 19, wherein the
first device periodically transmits a cryptographic key from the
first device to the particular client device, the cryptographic key
being required to unlock at least one of the functions of the
particular client device, and wherein the computer-readable program
code means for deactivating further comprises the step of ceasing
the transmission when the current location of the particular client
device is determined not to be within the predetermined spatial
boundary.
21. The computer program product according to claim 17, further
comprising computer-readable program code means for activating an
alarm if the current location of the particular client device is
determined not to be within the predetermined spatial boundary.
22. The computer program product according to claim 17, further
comprising: computer-readable program code means for maintaining an
enumeration of a plurality of client devices that should be present
in the WLAN; computer-readable program code means for performing
the means for receiving, means for computing, and means for
determining for each of the plurality of client devices; and if the
current location of any of the client devices is determined not to
be within the predetermined spatial boundary, computer-readable
program code means for activating an alarm.
23. The computer program product according to claim 17, further
comprising: computer-readable program code means for maintaining an
enumeration of a plurality of client devices that should be present
in the WLAN; computer-readable program code means for performing
the means for receiving, means for computing, and means for
determining for each of the plurality of client devices; and if the
current location of any of the client devices is determined not to
be within the predetermined spatial boundary, computer-readable
program code means for deactivating one or more functions of such
devices.
24. The computer program product according to claim 17, wherein the
first device learns the predetermined spatial boundary at set-up
time, further comprising: computer-readable program code means for
moving a training client device around a spatial boundary while the
training client device communicates with a set-up application in
the first device; computer-readable program code means for
recording, by the set-up application, successive locations of the
training client device from these communications; and
computer-readable program code means for using, by the set-up
application, the successive locations to define the predetermined
spatial boundary.
25. A method of doing business by monitoring a changeable location
of one or more client devices in a wireless local area network
("WLAN"), comprising steps of: maintaining an enumeration of a
plurality of client devices that should be present in the WLAN;
monitoring a current location of each of the client devices,
further comprising the steps of: receiving, at a first device on
the WLAN, measurement data from a plurality of measurement points
on the WLAN, wherein the measurement data for each measurement
point comprises a reading for a particular one of the client
devices, the reading observed by a plurality of antenna elements of
the measurement point, the antenna elements being capable of
determining an angle to a source of radio transmission; computing,
by the first device, the current location of the particular client
device using the received measurement data; and determining, by the
first device, whether the current location of the particular client
device is within a predetermined spatial boundary; if the
monitoring step determines that the current location of any of the
client devices is not within the predetermined spatial boundary,
deactivating one or more functions of such devices and/or
activating an alarm; and charging a fee for carrying out the
maintaining, monitoring, and deactivating and/or activating steps.
Description
RELATED INVENTION
[0001] The present invention is related to commonly-assigned U.S.
Pat. No. ______ (serial number 10/______, filed concurrently
herewith), which is entitled "Spatial Boundary Admission Control
for Wireless Networks", and which is hereby incorporated herein by
reference.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] The present invention relates to security of computer
networks, and deals more particularly with methods, systems,
computer program products, and methods of doing business whereby
access to a wireless network is controlled based on a device's
presence within a spatial boundary. The disclosed techniques may
also be used for determining whether devices remain within a
spatial boundary.
[0004] 2. Description of the Related Art
[0005] "WiFi" (for "wireless fidelity") or "Wi-Fi"® is the
label commonly applied to devices following the Institute of
Electrical and Electronics Engineers ("IEEE") 802.11b
specification. This abbreviation is taken from the logo of an
industry interoperability group (Wireless Ethernet Compatibility
Alliance, Inc., or "WECA", also known as the Wi-Fi Alliance) that
certifies compliant products. ("Wi-Fi" is a registered trademark of
Wireless Ethernet Compatibility Alliance, Inc.) WiFi technology
allows a raw wireless data transmission rate of approximately 11
Mbps at indoor distances from several dozen to several hundred
feet, and outdoor distances of several to tens of miles using an
unlicensed portion of the 2.4 GHz band in 14 overlapped
channels.
[0006] While two modes of operation are possible, namely
peer-to-peer and network, most WiFi installations use the network
form where an "access point" serves as a hub bridging client
adapters to one another and to a wired network, often using Network
Address Translation ("NAT") technology. See FIG. 1, where this
configuration is illustrated. When a client wants to join a network
hosted by an access point, it must first synchronize with that
network by performing the following synchronization protocol steps.
First, to establish initial communications, it either listens for a
"beacon" sent periodically by the access point or sends a "probe"
and awaits a response. Next, the client undergoes an authentication
process with the access point. If that is successful, the client
proceeds to an association process which sets up a logical session
over which higher-layer protocols and data may flow. At any point
thereafter, either the access point or the client may terminate the
association, shutting down further data communications. After the
association is terminated, no further data communication can occur
until the aforementioned synchronization protocol is repeated to
join the network anew.
[0007] The world of WiFi is no longer confined to
expensive-gadget-happy geeks, but is being embraced by everyday
people who love the convenience of being mobile. Mass production
has made access points and client adapters so inexpensive that WiFi
is being widely used for networking in many places, including homes
and small offices, replacing the high-cost special wiring of the
past and allowing folks to easily move their computing workspace on
a moment-to-moment whim. As the majority of users purchasing
commodity-priced WiFi gear are non-technical, they have no insight
to the underlying technology nor do they understand the side
effects of its use.
[0008] Unfortunately, WiFi has also attracted the hacker fringe,
who view its deployment as an invitation to steal access to the
Internet and/or locally-available services. The poor security which
has been identified in WiFi's standard protocols (see, for example,
"Wireless networks wide open to hackers" by Robert Lemos, which may
be found on the Internet at
http://news.com.com/2100-1001-269853.html?tag=bplst), coupled with
cheap ways to intercept the radio signals miles outside the nominal
300 foot service radius (see "Antenna on the Cheap" by Rob
Flickenger, located on the Internet at
http://www.oreillynet.com/cs/weblog/view/wlg/448) has opened the
barn door to even the lowly budget-strapped high school "script
kiddy". With this trend, new terms for wireless hacking have
emerged, such as "War Driving" and "Warchalking". War driving is
the activity of locating WiFi networks that can easily be tapped
from a laptop in a car. (See "WAR DRIVING" by Sandra Kay Miller,
located on the Internet at
http://www.infosecuritymag.com/articles/november01/technology-
_wardriving.shtml, for an article on this topic.) Warchalking is
the practice of marking the presence of WiFi networks (for example,
on the side of a building where a WiFi network is detected by a
"war driver", or on the sidewalk in front of the building) so they
are easy to locate without a device such as the $6.45 "Pringles"
can antenna (described in the above-mentioned "Antenna on the
Cheap" article) used by the war drivers.
[0009] What is needed is a way of improving security in WiFi
networks to prevent intrusion by unauthorized devices. The solution
must be easy to set up, even in a home environment, and must not
require changes to the WiFi standards or to existing client device
adapters.
SUMMARY OF THE INVENTION
[0010] An object of the present invention is to improve security in
WiFi networks.
[0011] Another object of the present invention is to provide
security improvements for WiFi networks by establishing a spatial
boundary around a WiFi network and rejecting network traffic from
devices outside the boundary.
[0012] A further object of the present invention is to provide
improvements to WiFi networks that are easy to set up, even in a
home environment, and that do not require changes to the WiFi
standards or to existing client device adapters.
[0013] Another object of the present invention is to provide
techniques for monitoring a changeable location of one or more
client devices in a wireless network.
[0014] A further object of the present invention is to provide
techniques for deterring and/or detecting theft of wireless
devices.
[0015] Other objects and advantages of the present invention will
be set forth in part in the description and in the drawings which
follow and, in part, will be obvious from the description or may be
learned by practice of the invention.
[0016] To achieve the foregoing objects, and in accordance with the
purpose of the invention as broadly described herein, the present
invention provides methods, systems, and computer program products
for monitoring a changeable location of one or more client devices
in a wireless network. In a preferred embodiment, this technique
comprises: receiving, at a first device on the WLAN, measurement
data from a plurality of measurement points on the WLAN, wherein
the measurement data for each measurement point comprises a reading
for a particular client device, the reading observed by a plurality
of antenna elements of the measurement point, the antenna elements
being capable of determining an angle to a source of radio
transmission; computing, by the first device, a current location of
the particular client device using the received measurement data;
and determining, by the first device, whether the current location
of the particular client device is within a predetermined spatial
boundary.
[0017] This embodiment may further comprise allowing the particular
client device to access the WLAN only if its current location is
determined to be within the predetermined spatial boundary;
deactivating one or more functions of the particular client device
if its current location is determined not to be within the
predetermined spatial boundary; and/or activating an alarm if the
current location of the particular client device is determined not
to be within the predetermined spatial boundary. The first device
may periodically transmit a cryptographic key from the first device
to the particular client device, the cryptographic key being
required to unlock at least one of the functions of the particular
client device, in which case the deactivation preferably further
comprises ceasing the transmission when the current location of the
particular client device is determined not to be within the
predetermined spatial boundary.
[0018] An enumeration may be maintained of a plurality of client
devices that should be present in the WLAN, in which case an alarm
may be activated and/or one or more functions may be deactivated if
the current location of any of the client devices is determined not
to be within the predetermined spatial boundary.
[0019] The first device preferably learns the predetermined spatial
boundary at set-up time, where this preferably comprises: moving a
training client device around a spatial boundary while the training
client device communicates with a set-up application in the first
device; recording, by the set-up application, successive locations
of the training client device from these communications; and using,
by the set-up application, the successive locations to define the
predetermined spatial boundary.
[0020] The present invention may also be provided as methods of
doing business, whereby a service is offered to clients for
determining whether their wireless devices are within, or remain
within, a particular spatial boundary. This service may be provided
under various revenue models, such as pay-per-use billing, monthly
or other periodic billing, and so forth.
[0021] The present invention will now be described with reference
to the following drawings, in which like reference numbers denote
the same element throughout.
BRIEF DESCRIPTION OF THE DRAWINGS
[0022] FIG. 1 depicts devices in a simple wireless network
configuration, according to the prior art;
[0023] FIG. 2 illustrates a plurality of remote wireless sensors
and a base station, also referred to herein as "measurement
points", deployed in a wireless network for determining a client
device's location according to preferred embodiments of the present
invention;
[0024] FIG. 3 shows several client devices that may attempt to
access the wireless network of FIG. 2;
[0025] FIGS. 4, 6, and 8 provide flowcharts depicting logic that
may be used to implement preferred embodiments of the present
invention;
[0026] FIG. 5 illustrates how angular measurements at two
measurement points may suffice to narrow the spatial position of a
transmission source to an intersection zone, according to preferred
embodiments of the present invention; and
[0027] FIG. 7 shows an example of a data structure that may be used
at the base station to store measurements from the various
measurement points, for a plurality of client devices.
DESCRIPTION OF PREFERRED EMBODIMENTS
[0028] Security of wireless networks is improved by rejecting
traffic from a wireless device located outside a defined spatial
boundary. The device's spatial position with respect to the
boundary is determined using multiple directional antenna arrays
and calculating where the vectors intersect. Problems of prior art
approaches are solved by the present invention, which provides a
novel application of existing technologies.
[0029] Most client adapters in existing devices use
omni-directional antennas. However, in addition to the significant
attenuation of the radio signal as it passes through intervening
objects like walls and furniture, these so-called omni-directional
antennas exhibit significant variations in gain patterns, i.e.,
they are not really omni-directional. Thus, the signal strength
seen at a receiver is of no use in determining the distance to the
transmitter.
[0030] The present invention overcomes problems of the prior art
using a modified WiFi access point (also called a "base station")
and at least two remote wireless sensors, all participating in the
WiFi network to be protected, and preferably deployed in an
equilateral triangle configuration. See FIG. 2. These devices are
referred to herein as "measurement points". Each measurement point
is equipped with a directional antenna capable of determining the
angle to the source of radio transmissions. By intersecting the
directional vectors measured at each measurement point, the present
invention determines the spatial position of devices attempting to
access the network, and classifies them as being inside or outside
a defined boundary. See FIG. 3. Devices inside the boundary are
allowed to connect to the network (assuming, of course, that the
previously-discussed synchronization protocol completes
successfully), while devices outside the boundary are not.
[0031] Preferred embodiments of the present invention use an
antenna array at each measurement point to determine the angular
direction of the client's transmission. An "antenna array" is any
prior-art arrangement of antenna elements capable of discerning the
directionality of a radio signal. (That is, the measurement point's
directional antenna may be a single antenna comprised of multiple
antenna elements in an array, or a plurality of antennas that are
individually not directional but which are directional when used
together as an array.) In simple wireless networks such as a
single-occupant house or an office building, two-element arrays at
each measurement point may suffice to define a 2-dimensional
boundary. For more complex arrangements where a 3-dimensional
spatial boundary is needed, each measurement point can employ a
multiple-element array to measure the angle of the received signals
in 3 dimensions.
[0032] The base station, upon receiving angular readings from each
measurement point for a given association (i.e., for a given client
session with the base station), computes the client's position with
respect to a defined boundary. If this position falls outside the
defined boundary, the base station terminates the association,
forcing the client to re-authenticate before it can receive or send
layer three data. This process is described in more detail below,
with reference to FIG. 6.
[0033] Each measurement point is equipped with an antenna array
that intercepts radio transmissions from client devices. The
processing of a client transmission at a measurement point is
illustrated by logic in FIG. 4. Upon detecting a transmission
(Block 400), the measurement point preferably measures the angular
relationship between the signal source and the antenna array (Block
410), decodes the WiFi packet to extract the client association
identifier (Block 420), locates an appropriate slot in a buffer
corresponding to the association (Block 430), and saves the angular
value in that slot (Block 440). The angular relationship may be
determined using suitable prior art techniques such as phase angle,
which may be implemented using a digital signal processor or other
suitable hardware/software combination.
[0034] To prevent excessive communications overhead between the
base station and the other measurement points and to reduce the
base station's processing load, the measurement points preferably
collect, sort, and reduce instantaneous readings over a short
period, say a few seconds. For every unique association seen in
client transmissions, the measurement point then reports a single,
most-recent angle for this association to the base station. This
reporting process is illustrated in FIG. 4, where Block 450 tests
to see if the reporting is triggered. (For example, when a timer is
used to measure the preferably-short reporting period, Block 450
comprises determining whether the timer has popped.) If so, then
the measurement point transmits saved values for one or more
associations to the base station (Block 460). Alternatively, the
processing of Blocks 450 and 460 may be separated from the
processing of Blocks 400-440. (For example, a separate thread may
be used for implementing the reporting.) In this case, the
reporting may occur independently of receiving a client
transmission.
[0035] The diagram in FIG. 5 depicts how angular measurements at
two measurement points may suffice to narrow the spatial position
of a transmission source to an intersection zone. Depending on the
type of antenna array employed, it may not be possible to know the
precise angle. The phase angle method in preferred embodiments of
the present invention can determine a vector (e.g., vector a),
where the transmitter could be located at α degrees +/- some
tolerance, with respect to an individual antenna array. (Depending
on the antenna array in use, the phase angle method might only be
able to determine that the transmitter is either at α degrees, plus
or minus some tolerance, or at α+180 degrees, plus or minus
the same tolerance.) The intersection of these vectors from the two
measurement points forms an "intersection zone", where this
intersection zone indicates the transmitter's approximate position
in a 2-dimensional space.
[0036] To define a 2-dimensional planar boundary, e.g., using 3
measurement points, ideally the measurement points are positioned
in an equilateral triangle with vertices near the defined boundary.
FIGS. 2 and 3 illustrate a circular boundary using a dotted line.
In this example, the cell phone and laptop devices would be
prevented from accessing the network, since they are outside the
spatial boundary, but the pager device would be allowed access.
Preferably, each measurement point's antenna array is oriented
approximately 60 degrees from the other two measurement points'
antenna arrays.
[0037] With less-than-ideal arrangements, the spatial tolerance
becomes less precise. The tolerance will vary with the angle to an
antenna array and between the devices. In preferred embodiments,
each measurement point reports its observed angles as if they are
perfect, i.e., having a zero tolerance; however, each measured
angle is affected by the tolerance (i.e., variance) of its antenna.
In a typical implementation using mass-marketed antennas, the
tolerance angle is likely a function of the type of antenna array,
and thus may be defined as a constant or configurable value to be
used by the base station when computing client positions.
Alternatively, an implementation may allow for the measurement
points to transmit their tolerance angle to the base station, if it
is known. It should be noted that the tolerance angle need not be
uniform among measurement points. Instead, each measurement point
simply needs a tolerance angle that is reasonable, i.e., not too
large, and that is known by or available to the base station.
[0038] To determine the transmitter's position in a 3-dimensional
space (e.g., a suite within an office building), preferred
embodiments use three measurement points and intersect three
vectors. A larger number of measurement points can be used, if
desired.
[0039] The remote measurement points are themselves WiFi clients
and at regular short intervals transmit their measurement data (a
list of (association, angle) pairs) to the base station. There are
numerous ways to encode and to synchronize the transmissions from
the remote measurement points, and the scope of the present
invention is not limited by choice of a particular approach. One
approach that may be used will now be described with reference to
logic in FIG. 6.
[0040] On receiving measurement data from a remote measurement
point (Block 600), the base station stores this data in a table or
similar data structure (Block 610). Recall that, in preferred
embodiments, the base station itself hosts an additional
measurement point, and thus locally-received input (which may be
processed by the base station, in its role as a measurement point,
using logic in FIG. 4) is also stored in this table.
(Alternatively, an additional remote measurement point might
replace the base station in its role of observing and reporting
device locations, without deviating from the scope of the present
invention.) Preferably, the rows of the table correspond to client
associations observed during a measurement interval. The first
column contains the association identifier. Additional columns
correspond to each measurement point. See FIG. 7, where a sample
table is illustrated. In this sample table 700, the association
identifier is stored in column 705, the data observed by the base
station itself is stored in column 710, and data reported by two
remote measurement points ("MP1" and "MP2") is stored in columns
715 and 720, respectively. Additional columns may be added for
implementations using more than three measurement points.
[0041] Returning to the discussion of FIG. 6, the base station
checks (Block 620) to see if it is time to process the table
entries. If not, control returns to Block 600 to await input from
another measurement point. Otherwise, Block 630 processes this
table to determine each client's position. Block 640 compares the
client position to the defined boundary, and if the client is
outside the boundary, this association is terminated (Block 650).
In either case, control preferably returns to Block 600.
[0042] In one aspect, the test in Block 620 is timer-driven. For
example, a collection interval may be defined, and the table
entries that have been collected during this interval are then
processed when the collection interval expires. One way in which
this aspect may be implemented is illustrated by logic in FIG. 8.
Upon receipt of data from a measurement point, a time stamp is
preferably associated with the data as it is recorded in an
augmented version of the table of FIG. 7 (Block 610'). This time
stamp may be the arrival time at the base station, or in
alternative implementations it may be a time stamp reported by the
measurement point. (In the latter case, a reliable
clock-synchronizing algorithm is preferably used to synchronize the
clocks of the various measurement points. Clock-synchronizing
algorithms are known in the art, and do not form part of the
inventive concepts of the present invention.)
[0043] Block 620' comprises checking to see if more than one
measurement point (including the base station) has reported data
during the current collection interval. The collection interval is
preferably a predefined constant (or a configurable parameter), and
should be small enough so that if a client is mobile (e.g., in a
car or being carried by a person), it cannot have travelled very
far during the interval. The collection interval should also be
greater than or equal to the reporting interval used by the
measurement points, so that if the measurement points report at
different times, data from multiple measurement points will be
available within a single collection interval. Thus, if the test in
Block 620' has a negative result, control returns to Block 600 of
FIG. 6 to await measurements from other measurement points within
this collection interval. When data is available from multiple
measurement points for this collection interval, on the other hand,
Block 800 locates all such data (and may remove stale entries from
the table, or may simply discard any measurements that fall outside
the current interval), and this data is used in Block 630 of FIG. 6
when computing the client's position.
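The following added example (not code from the patent application) sketches the timer-driven table processing of FIG. 8 together with Blocks 630 through 650 of FIG. 6, using the bearing intersection described for FIG. 5. The measurement-point coordinates, the circular boundary, the 2-second collection interval, the averaging of pairwise intersections and all sample reports are assumptions constructed for illustration; angles are treated as exact, so the tolerance angle is ignored.

```python
import math

COLLECTION_INTERVAL = 2.0  # seconds (assumed); must be >= the reporting interval
# Assumed positions in arbitrary units, roughly an equilateral triangle.
MP_POS = {"BASE": (0.0, 0.0), "MP1": (10.0, 0.0), "MP2": (5.0, 8.66)}
CENTER, RADIUS = (5.0, 2.89), 5.0  # assumed circular boundary, as in FIGS. 2 and 3
table = {}  # association id -> {measurement point: (angle in degrees, time stamp)}

def record(assoc, mp, angle_deg, ts):
    """Block 610': store a reported angle with its time stamp."""
    table.setdefault(assoc, {})[mp] = (angle_deg, ts)

def intersect(p1, a1, p2, a2):
    """Intersect two bearing lines (alpha and alpha+180 coincide); None if parallel."""
    d1 = (math.cos(math.radians(a1)), math.sin(math.radians(a1)))
    d2 = (math.cos(math.radians(a2)), math.sin(math.radians(a2)))
    det = d1[0] * d2[1] - d1[1] * d2[0]
    if abs(det) < 1e-9:
        return None
    t = ((p2[0] - p1[0]) * d2[1] - (p2[1] - p1[1]) * d2[0]) / det
    return (p1[0] + t * d1[0], p1[1] + t * d1[1])

def process(now):
    """Blocks 620', 800, 630 and 640 for every association in the table."""
    verdicts = {}
    for assoc, row in table.items():
        # Block 800: ignore measurements outside the current collection interval.
        fresh = {mp: a for mp, (a, ts) in row.items() if 0 <= now - ts <= COLLECTION_INTERVAL}
        mps = sorted(fresh)
        pts = [intersect(MP_POS[m], fresh[m], MP_POS[n], fresh[n])
               for i, m in enumerate(mps) for n in mps[i + 1:]]
        pts = [p for p in pts if p is not None]
        if not pts:  # Block 620': fewer than two usable measurement points
            verdicts[assoc] = "wait"
            continue
        # Block 630: average the pairwise intersections (a choice made here).
        x, y = (sum(c) / len(pts) for c in zip(*pts))
        inside = math.dist((x, y), CENTER) <= RADIUS  # Block 640
        verdicts[assoc] = "keep" if inside else "terminate"  # Block 650
    return verdicts

def demo(now=100.0):
    """Constructed reports: pager inside, laptop outside, phone with stale MP1 data."""
    table.clear()
    for rec in [("pager", "BASE", 31.0, 99.0), ("pager", "MP1", 149.0, 99.5),
                ("laptop", "BASE", 18.4, 99.2), ("laptop", "MP1", 45.0, 99.8),
                ("phone", "BASE", 60.0, 99.9), ("phone", "MP1", 120.0, 90.0)]:
        record(*rec)
    return process(now)
```

An association whose only in-interval report comes from a single measurement point stays in the "wait" state, which corresponds to control returning to Block 600.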
[0044] In another aspect, the test in Block 620 and the subsequent
table-processing logic may be separated from the receipt of
measurement data in Block 600, such that the determination of
whether the table should be processed is independent of receiving
new input data. In one approach within this aspect, the test in
Block 620 has a positive result upon expiration of a timer (which
preferably coincides with the collection interval). As another
approach, a continuous looping process may be used. In this case,
the test in Block 620 has a positive result when a measurement
point has reported new data (and at least one other measurement is
available).
[0045] In a further aspect, a demand-driven protocol may be used,
whereby the base station periodically polls the measurement points
for their input on a particular association. The logic in FIG. 6
may then be used for processing the responses from the measurement
points. In this aspect, the test in Block 620 preferably comprises
determining whether each polled measurement point has reported its
data.
[0046] A key advantage of the present invention is ease of setup.
When deploying the system, there is no need to precisely position
the measurement points. They are simply placed at approximately
equal angles near the defined boundary, with each measurement
point's directional antenna aimed toward the center of the
protected area. Setup can be accomplished with very simple
instructions that almost anyone can follow, even if they have very
little (or no) technical expertise.
[0047] Preferably, the defined boundary is learned at set-up time
by carrying a client device around the intended boundary while
communicating with a set-up application in the base station. With
the remote reporting interval having been set to a very small
value, the base station learns the angular coordinates of the
boundary with respect to the measurement points, but need not know
the actual dimensions involved (since it does not know the scale of
distance involved). Setting the reporting interval to a larger or
smaller value (and/or altering the speed of movement of the client
device) during this set-up process allows a base station to learn a
boundary at a different level of granularity.
[0048] Prior art software approaches are known which attempt to use
relative signal strength triangulation to locate wireless local
area network ("WLAN") clients. As one example, the Positioning
Engine from Ekahau, Inc. is a commercially-available product that
may be used for tracking device locations in a WLAN. While this
product offers a number of advantages, because of signal
attenuation and device transmission characteristics, extensive
mapping of the entire area of coverage may be needed to produce
highly-accurate results. (Accurate results require using client
adapters whose relative characteristics to the device used in the
mapping are known. That is, the transmitted power or effective
radiated power from the attached or built-in antenna, at various
angles, must be known, since this approach relies on signal
strength.) This approach also needs multiple full-wired access
points (at least three), and changing the content of the area
monitored (for example, moving furniture around) requires a
recalibration. For each interior mapped point, location coordinates
are needed to pair with the signal strength readings.
[0049] The present invention uses a different approach, as
described in detail above. It does not rely on signal strength and
hence on client adapter/antenna characteristics. The present
invention is not impacted by the content (e.g., furniture, walls,
books, etc.) of the monitored area or changes to that content. The
training process used in preferred embodiments comprises simply
walking the boundary, without needing to tell the system where the
moving device is at each measurement. The remote sensing device
uses the WLAN to report readings, and therefore does not need
multiple access points.
[0050] The present invention has been described with reference to
its use in determining whether mobile devices are inside or outside
a spatial boundary. However, this is for purposes of illustration
and not of limitation. The inventive techniques described herein
may be used for devices that are stationary devices as well
(including a mobile device that has become stationary). The present
invention may also be used to ensure that one or more devices
remain within a defined spatial boundary. For example, a
theft-prevention system may be implemented in an office setting,
retail store, warehouse, etc. using techniques disclosed herein.
Suppose that an electronics store wishes to prevent thefts of
relatively-expensive wireless gadgets. The devices can be defined
as participants in a WLAN. An enumerated list of these devices can
be created, and a system using techniques disclosed herein can then
test for the devices on this list remaining within the defined
boundary (e.g., the showroom and/or stockroom). If a device that is
supposed to be within the store moves outside the boundary, instead
of rejecting its participation in the wireless network (as
described above with reference to Blocks 640 and 650 of FIG. 6),
the base station might activate an audible alarm or perhaps send a
signal to the device to cause it to sound its own alarm, flash
lights, etc. Similarly, the continued presence of wireless devices
at a museum, trade show, hotel, office, or other business location
can be monitored in the same manner. Guests can therefore use the
devices while visiting the premises, but are effectively
discouraged from removing the devices from that location.
[0051] Another application of the disclosed techniques is to
disable the functionality of a wireless device if the device
crosses a defined boundary. For example, a cryptographic key might
be transmitted from the base station to a wireless device
periodically, allowing the device to "unlock" its software and
render that software usable. If the device moves outside the
boundary, the base station ceases transmitting the key. The device
may then continue to work from an electrical standpoint, but the
absence of the key causes the software to just stop working.
[0052] These and other applications are within the scope of the
present invention.
[0053] The present invention may be provided as method(s) of doing
business. For example, a business entity may provide a service that
monitors the location of devices using techniques disclosed herein.
This service may be provided under various revenue models, such as
pay-per-use billing, monthly or other periodic billing, and so
forth.
[0054] While preferred embodiments have been described with
reference to radio-based wireless (i.e., WiFi or 802.11b) networks,
this is for purposes of illustration but not of limitation; the
disclosed techniques may be applied to other types of wireless
networks as well.
[0055] As will be appreciated by one of skill in the art,
embodiments of the present invention may be provided as methods,
systems, or computer program products. Accordingly, the present
invention may take the form of an entirely hardware embodiment, an
entirely software embodiment (augmented by the antennas and
measurement point devices and adapters), or an embodiment combining
software and hardware aspects. Furthermore, the present invention
may be embodied in a computer program product which is embodied on
one or more computer-usable storage media (including, but not
limited to, disk storage, CD-ROM, optical storage, and so forth)
having computer-usable program code embodied therein.
[0056] The present invention has been described with reference to
flowchart illustrations and/or block diagrams of methods, apparatus
(systems), and computer program products according to embodiments
of the invention. It will be understood that each block of the
flowchart illustrations and/or block diagrams, and combinations of
blocks in the flowchart illustrations and/or block diagrams, can be
implemented by computer program instructions. These computer
program instructions may be provided to a processor of a general
purpose computer, special purpose computer, embedded processor, or
other programmable data processing apparatus to produce a machine,
such that the instructions (which execute via the processor of the
computer or other programmable data processing apparatus) create
means for implementing the functions specified in the flowchart
and/or block diagram block or blocks.
[0057] These computer program instructions may also be stored in
one or more computer-readable memories, where each such memory can
direct a computer or other programmable data processing apparatus
to function in a particular manner, such that the instructions
stored in the computer-readable memory produce an article of
manufacture including instruction means which implement the
function specified in the flowchart and/or block diagram block or
blocks.
[0058] The computer program instructions may also be loaded onto
one or more computers or other programmable data processing
apparatus to cause a series of operational steps to be performed on
the computers or other programmable apparatus to produce, on each
such device, a computer implemented process such that the
instructions which execute on the device provide steps for
implementing the functions specified in the flowchart and/or block
diagram block or blocks.
[0059] While preferred embodiments of the present invention have
been described, additional variations and modifications in those
embodiments may occur to those skilled in the art once they learn
of the basic inventive concepts. Therefore, it is intended that the
appended claims shall be construed to include the preferred
embodiments and all such variations and modifications as fall
within the spirit and scope of the invention.
* * * * *
References